
Given policymakers' and the public's intense focus on cracking down on speech they consider undesirable, this year's Who Has Your Back report features substantially redesigned categories and criteria. Since the Electronic Frontier Foundation began publishing Who Has Your Back in 2011, it has generally focused on the practices of major consumer-facing Internet companies regarding government requests to produce user data. This year, we shift our focus to companies' responses to government requests to take down user content and suspend user accounts.

For our 2018 report, we assess companies' policies against five all-new criteria:

Transparency in reporting government takedown requests based on legal requests
Transparency in reporting government takedown requests based on requests alleging platform policy violations
Providing meaningful notice to users of every content takedown and account suspension
Providing users with an appeals process to dispute takedowns and suspensions
Limiting the geographic scope of takedowns when possible

Three platforms—the Apple App Store, Google Play Store, and YouTube—earned stars in all five of these categories. And three more—Medium, Reddit, and WordPress.com—earned stars in all but the notice category, which proved the most challenging category for the companies we assessed. Some companies fell notably short overall; Facebook's and Instagram's policies in particular lagged behind comparable tech companies and social networks. However, it's clear that public pressure is resulting in real change in corporate policy and practice. We look forward to more long-term improvements across the industry in future years as companies take steps to be more accountable to their users and those users' right to freedom of expression.

Two dozen civil liberties organizations, including EFF and the ACLU, have urged Director of National Intelligence Daniel Coats to report—as required by law—statistics that could help clear up just how many individuals are burdened by broad NSA surveillance of domestic telephone records. These records show who is calling whom and when, but not the content of the calls.

These numbers are crucial to understanding how the NSA conducts this highly sensitive surveillance under Section 215 of the Patriot Act, as amended by the USA Freedom Act of 2015. Under the earlier version of this surveillance program, the NSA collected details of nearly every single American's phone calls. With the NSA’s domestic phone record surveillance powers scheduled to expire in 2019, Congress and the public deserve to know the truth before any legislative attempts to reauthorize the program.

Despite this, the Office of the Director of National Intelligence (ODNI) has failed to report these statistics in its past three annual transparency reports.

The civil liberties groups also signed a letter to Reps. Bob Goodlatte (R-VA) and Jerry Nadler (D-NY), the Chair and Ranking Member of the House Judiciary Committee, warning about the NSA’s continued failure to comply with the law mandating disclosure of this data.

The House of Representatives passed a bill this week called the National Defense Authorization Act (NDAA), which authorizes the nation’s military and defense programs. Earlier in the week, scores of Representatives offered amendments to this must-pass bill in hopes of ensuring that their ideas get a chance to become law.

Rep. Kevin Yoder (R-KS) used this opportunity to include as an amendment the Email Privacy Act, a piece of legislation long-favored by EFF. The Email Privacy Act would codify the rule announced by the Sixth Circuit—and now followed by providers nationwide—that requires government agents to first obtain a probable cause warrant when seeking the content of communications stored by companies like Google, Facebook, Slack, Dropbox, and Microsoft.

On Thursday night, the House approved the NDAA—including the amendment with the Email Privacy Act—in a 351-66 vote. We applaud the House’s inclusion of this important statutory language.

On Monday, June 11, the FCC's rollback of net neutrality rules went into effect, but don't expect the Internet to change overnight.

You can look forward to an Internet that's slower when you're trying to visit less popular sites, and where online services get a bit more expensive because they have to pay protection money to the ISPs. It will be harder for new companies to come in and compete with the ones that paid for fast lanes, and the nonprofit information resources on the web will be harder to use.

It's not going to be a flashy apocalypse; it will be a slow decline into the Internet of ISP gatekeeping, and you probably won't even know what neat services and helpful resources you're missing. And one day, when the ISPs are secure in their victory, they'll test the waters and see if you'll pay extra to access anything that's not Facebook, or Comcast's video platform, or AT&T's paying partners.

Being able to communicate safely and privately with friends and family is part of the foundation of all our lives, so it's also a key skill for using the Internet. This month's cryptoparty will go over easy ways to talk, chat, and email securely online. It's always good to review the tools and habits that our digital security depends on, especially with the recent Signal Desktop flaws and the e-Fail email exploits.

The Supreme Court handed down a landmark opinion in Carpenter v. United States last week, ruling 5-4 that the Fourth Amendment protects cell phone location information. In an opinion by Chief Justice Roberts, the court recognized that location information—collected by cell providers like Sprint, AT&T, and Verizon—creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.” As a result, police must now get a warrant before obtaining this data.

Perhaps the most significant part of the ruling is its explicit recognition that individuals can maintain an expectation of privacy in information that they provide to third parties. The court termed that a “rare” case, but it’s clear that other invasive surveillance technologies, particularly those that can track individuals through physical space, are now ripe for challenge in light of Carpenter. Expect to see much more litigation on this subject from EFF and our friends.

We’re announcing the launch of STARTTLS Everywhere, EFF’s initiative to improve the security of the email ecosystem.

Thanks to previous EFF efforts like Let's Encrypt and Certbot, as well as help from the major web browsers, we've seen significant wins in encrypting the web. Now we want to do for email what we’ve done for web browsing: make it simple and easy for everyone to help ensure their communications aren’t vulnerable to mass surveillance.

STARTTLS is an addition to SMTP, which allows one email server to say to the other, “I want to deliver this email to you over an encrypted communications channel.” The recipient email server can then say “Sure! Let’s negotiate an encrypted communications channel.” The two servers then set up the channel and the email is delivered securely, so that anybody listening in on their traffic only sees encrypted data. In other words, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages while they’re in transit, and will need to use more targeted, low-volume methods.

STARTTLS Everywhere provides software that a sysadmin can run on an email server to automatically get a valid certificate from Let’s Encrypt. This software can also configure their email server software so that it uses STARTTLS, and presents the valid certificate to other email servers. Finally, STARTTLS Everywhere includes a “preload list” of email servers that have promised to support STARTTLS, which can help detect downgrade attacks. The net result: more secure email, and less mass surveillance.
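The downgrade check that a preload list makes possible can be sketched as follows. This is an added example, not code from EFF or the STARTTLS Everywhere project; the policy format, the domain names and the sample EHLO replies are constructed for illustration.

```python
# Added example: how a sending mail server could use a preload-style list to
# tell "this server never supported STARTTLS" apart from "STARTTLS was removed
# from the reply in transit". Certificate validation is out of scope here.

# Constructed, simplified policy list (hypothetical format and domains).
PRELOAD = {
    "mail-a.example": {"mode": "enforce", "mxs": [".mx.mail-a.example"]},
    "mail-b.example": {"mode": "testing", "mxs": ["mx.mail-b.example"]},
}

ENCRYPT = "encrypt"
PLAINTEXT = "plaintext (no policy, STARTTLS not offered)"
REFUSE_MX = "refuse: unexpected MX host"
REFUSE_TLS = "refuse: STARTTLS not offered (possible downgrade)"
REPORT_ONLY = "deliver and report: policy in testing mode"


def parse_ehlo(response):
    """Return the extension keywords advertised in a multi-line 250 EHLO reply."""
    lines = [l for l in response.replace("\r\n", "\n").split("\n") if l]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        # Every line is "250-" (more follows) or "250 " (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        if i == 0:
            continue  # first line carries the server greeting, not a keyword
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def mx_matches(host, patterns):
    """A pattern starting with '.' matches any subdomain; otherwise exact match."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def evaluate(domain, mx_host, ehlo_response, preload=PRELOAD):
    """Decide what to do with a delivery, given the recipient's EHLO reply."""
    offered = "STARTTLS" in parse_ehlo(ehlo_response)
    policy = preload.get(domain.lower())
    if policy is None:
        # Opportunistic mode: nothing to compare against, so a missing
        # STARTTLS line cannot be distinguished from a legacy server.
        return ENCRYPT if offered else PLAINTEXT
    problem = None
    if not mx_matches(mx_host, policy["mxs"]):
        problem = REFUSE_MX
    elif not offered:
        problem = REFUSE_TLS
    if problem is None:
        return ENCRYPT
    return problem if policy["mode"] == "enforce" else REPORT_ONLY


# Constructed sample replies: one intact, one with the STARTTLS line missing.
INTACT = ("250-mx1.mx.mail-a.example Hello\r\n"
          "250-SIZE 35882577\r\n"
          "250-STARTTLS\r\n"
          "250 8BITMIME\r\n")
STRIPPED = ("250-mx1.mx.mail-a.example Hello\r\n"
            "250-SIZE 35882577\r\n"
            "250 8BITMIME\r\n")

if __name__ == "__main__":
    cases = [
        ("mail-a.example", "mx1.mx.mail-a.example", INTACT),
        ("mail-a.example", "mx1.mx.mail-a.example", STRIPPED),
        ("mail-a.example", "mx.unrelated.example", INTACT),
        ("mail-b.example", "mx.mail-b.example", STRIPPED),
        ("unlisted.example", "mx.unlisted.example", STRIPPED),
    ]
    for domain, mx, reply in cases:
        print(domain, mx, "->", evaluate(domain, mx, reply))
```

Without the list, the second and last cases look identical to the sender; the listed domain's earlier promise is what turns a missing STARTTLS line into a detectable event.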

It all started when Stephanie Lenz posted a YouTube video of her then-toddler-aged son dancing while Prince’s song “Let's Go Crazy” played in the background, and Universal used copyright claims to get the link disabled. We brought the case hoping to get some clarity from the courts on a simple but important issue: can a rightsholder use the Digital Millennium Copyright Act to take down an obvious fair use, without consequence?

The U.S. Court of Appeals for the Ninth Circuit held that the DMCA requires a rightsholder to consider whether the uses she targets in a DMCA notice are actually lawful under the fair use doctrine. However, the court also held that a rightsholder’s determination on that question passes muster as long as she subjectively believes it to be true. This leads to a virtually incoherent result: a rightsholder must consider fair use, but has no incentive to actually learn what such a consideration should entail. After all, if she doesn’t know what the fair use factors are, she can’t be held liable for not applying them thoughtfully.

Thanks to the Lenz decision, courts will be more likely to think of fair use, correctly, as a crucial vehicle for achieving the real purpose of copyright law: to promote the public interest in creativity and innovation. And rightsholders are on notice: they must at least consider fair use before sending a takedown notice. After the Supreme Court denied petitions to consider the Ninth Circuit's ruling, the case returned to the district court for trial on the question of whether Universal’s takedown was a misrepresentation under the Ninth Circuit’s subjective standard. Rather than go to trial, the parties have agreed to a settlement.

Using word searches to find infringement is a bad way to go about things. It is likely why Volkswagen filed three takedown requests on art of beetles. Not Beetles with four wheels and headlights. Beetles with six legs and hard, shiny carapaces. For the record, Volkswagen holds no rights to literal bugs.

This year marks the fourth anniversary of the Supreme Court’s decision in Alice v. CLS Bank. In Alice, the court ruled that an abstract idea does not become eligible for a patent simply by being implemented on a generic computer. Now that four years have passed, we know the case’s impact: bad patents went down, and software innovation went up.

Lower courts have applied Alice to throw out a rogues’ gallery of abstract software patents. Counting both federal courts and the Patent Trial and Appeal Board, there are more than 400 decisions finding patent claims invalid under Alice. These include rulings invalidating patents on playing bingo on a computer, computerized meal plans, updating games, and many more. Some of these patents had been asserted by patent trolls dozens or even hundreds of times. A single ruling threw out 168 cases where a troll claimed that companies infringed a patent on the idea of storing and labeling information.

Browser fingerprinting is on a collision course with privacy regulations. Compared to more well-known tracking “cookies,” browser fingerprinting is trickier for users and browser extensions to combat: websites can do it without detection, and it’s very difficult to modify browsers so that they are less vulnerable to it. As cookies have become more visible and easier to block, companies have been increasingly tempted to turn to sneakier fingerprinting techniques.

But companies also have to obey the law. And for residents of the European Union, the General Data Protection Regulation (GDPR), which entered into force on May 25th, is intended to cover exactly this kind of covert data collection. The EU has also begun the process of updating its ePrivacy Directive, best known for its mandate that websites must warn you about any cookies they are using. If you’ve ever seen a message asking you to approve a site’s cookie use, that’s likely based on this earlier Europe-wide law.

This leads to a key question: Will the GDPR require companies to make fingerprinting as visible to users as the original ePrivacy Directive required them to make cookies?

The answer, in short, is yes. Where the purpose of fingerprinting is tracking people, it will constitute “personal data processing” and will be covered by the GDPR.

New data and records released by California Department of Justice (CADOJ) show a steep increase in the number of agencies disclosing cases of abuse of the state's network of law enforcement databases—a major victory for transparency and law enforcement accountability.

We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 (“FOSTA”) unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims.

In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminals of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims.

Against all the odds, but with the support of nearly a million Europeans, MEPs voted earlier this month to reject the EU's proposed copyright reform—including controversial proposals to create a new "snippet" right for news publishers, and mandatory copyright filters for sites that published user-uploaded content.

The change was a testimony to how powerful and fast-moving net activists can be. Four weeks ago, few knew that these crazy provisions were even being considered. By the June 20th vote, Internet experts were weighing in, and wider conversations were starting on sites like Reddit.

The result was a vote on July 5th of all MEPs that culminated in a 318 against 278 vote in favour of withdrawing the Parliament's support for the languages.

It’s easy to feel adrift these days. The rising tide of social unrest and political extremism can be overwhelming, but on EFF’s 28th birthday our purpose has never been more clear. With the strength of our numbers, we can fight against the scourge of pervasive surveillance, government and corporate overreach, and laws that stifle creativity and speech....

California's Net Neutrality Bill Is Strong Again Because You Spoke Out

After a hearing that stripped California’s gold-standard net neutrality bill of much of its protections, California legislators have negotiated new amendments that restore the vast majority of those protections to the bill. The big ISPs and their money did not defeat the voices of the many, many people who want and need a free and open Internet.

Hodder and Stoughton, a large British publisher, has sent a letter to Mihalis Eleftheriou claiming that it has rights to a patent that covers recorded language lessons, and demanding that he stop providing online courses. Hodder and Stoughton contends that Language Transfer infringes U.S. Patent No. 6,565,358, titled “Language teaching system.” The patent essentially covers a language lesson on tape.

When government agencies refuse to let the members of the public watch what they’re doing, drones can be a crucial journalistic tool. But now, some members of Congress want to give the federal government the power to destroy private drones it deems to be an undefined “threat.” Even worse, they’re trying to slip this new, expanded power into unrelated, must-pass legislation without a full public hearing. Worst of all, the power to shoot these drones down will be given to agencies notorious for their absence of transparency, denying access to journalists, and lack of oversight.

The Trump Administration’s “zero tolerance” program of criminally prosecuting all undocumented adult immigrants who cross the U.S.-Mexico border has had the disastrous result of separating as many as 3,000 children—many no older than toddlers—from their parents and family members. The federal government doesn’t appear to have kept track of where each family member has ended up. Now politicians, agency officials, and private companies argue DNA collection is the way to bring these families back together. DNA is not the answer. Immigrant families shouldn’t have to trade the civil rights violation of being separated from their family members for the very real threats to privacy and civil liberties posed by DNA collection.

Tech companies, especially those selling surveillance equipment, must step up and ensure that they aren’t assisting governments in committing human rights, civil rights, and civil liberties abuses. This obligation applies whether those governments are foreign or domestic, federal or local.

One way tech companies can navigate this difficult issue is by adopting a robust Know Your Customer program, modeled on requirements that companies already have to follow in the export control and anti-bribery context.

EFF was founded 28 years ago, and during that time, EFF’s logo remained more or less unchanged. This helped us develop a consistent identity — people in the digital rights world instantly recognize our big red circle and the heavy black “E.” But the logo had some downsides. It’s hard to read, doesn’t say much about our organization, and looks a bit out of date. We are finally getting around to a new look for EFF.

Join EFF at OSCON, O'Reilly's blockbuster open source event at the Portland Convention Center. Stop by the EFF booth #P21 to learn about the latest in the digital civil liberties movement. You can even donate to get some great swag or become an official member! There has never been a more important time to ensure that our rights have a defender. We hope to see you there.

When everyone is using encryption apps, "the fact that you are using the app at all is not an indicator that you are someone the government might be interested in watching"—and that makes everyone safer, says EFF Staff Technologist Erica Portnoy. (Select All)

You may have arrived at this post because you received an email from a purported hacker who is demanding payment or else they will send compromising information—such as pictures sexual in nature—to all your friends and family. You’re searching for what to do in this frightening situation.

Don’t panic. Contrary to the claims in your email, you haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam which is popularly being called "sextortion." This is a type of online phishing that is targeting people around the world and preying off digital-age fears.

The first and foremost piece of advice we have: do not pay the ransom.

If the scammer emailed you a password that you still use, in any context whatsoever, STOP USING IT and change it NOW! Consider employing a password manager to keep your passwords strong and unique. Moving forward, you should make sure to enable two-factor authentication whenever that is an option on your online accounts. You can also check out our Surveillance Self-Defense guide for more tips on how to protect your security and privacy online. You may also want to apply a cover over your computer’s camera. We know this experience isn't fun, but it's also not the end of the world. Just ignore the scammers' empty threats and practice good password hygiene going forward!

When it comes to guns, nearly everyone has strong views. When it comes to Internet publication of 3D printed guns, those strong views can push courts and regulators into making hasty, dangerous legal precedents that will hurt the public's ability to discuss legal, important, and even urgent topics ranging from mass surveillance to treatment of tear gas attacks. In its responses to 3D printed guns, the U.S. Department of State and state Attorneys General have sought to brush aside the legal protections that ensure your right to dissent and to publish technological information and software for privacy and other purposes. That’s why we’re working to make sure that 3D printing cases don’t set precedents that chip away at your freedoms to speak and learn online.

If the states in this case are successful, they will bypass legal doctrines that we rely on to protect your right to encrypt and your right to advocate for social change. Their arguments are dangerous because they threaten to empower current (and future) U.S. government officials to play pre-publication gatekeeper of what information you can publish online based on the barest, unproven claim of national interest or the possibility that others might use your information to further crimes. It could bar us from publishing and discussing artificial intelligence technologies, something that has increasing importance to our online lives and even how the government makes decisions about bail and sentencing. It could censor information about how to survive a chemical weapons attack. It could force us to compromise our secure communications technologies, making our personal information vulnerable to unlawful surveillance and identity theft.

California has enacted the Consumer Privacy Act (A.B. 375), a well-intentioned but flawed new law that seeks to protect the data privacy of technology users and others by imposing new rules on companies that gather, use, and share personal data. There's a lot to like about the Act, but there is substantial room for improvement. Most significantly, the act allows businesses to charge a higher price to users who exercise their privacy rights, does not provide users the power to bring violators to court (with the exception of a narrow set of businesses if there are data breaches), does not require user consent for data collection, only requires users to opt-out (rather than opt-in) to data being sold, and the "right-to-know" language is not specific enough and does not avoid news gathering.

The CCPA is just a start. Between now and the Act’s effective date in January 2020, much work remains to be done. EFF looks forward to advocating for improvements to the Act in the months and years to come.

U.S. law makes clear that the government cannot keep surveillance records on a person or group because of their political views or the way that they express their First Amendment rights. Unfortunately, the FBI has flouted these laws by maintaining records of its probe of two people whose website criticized U.S. policy in the Middle East.

In this case, plaintiffs Mr. Raimondo and Mr. Garris ran the website antiwar.com, where they wrote pieces criticizing U.S. policy in the Middle East in the early 2000s. After reposting a widely available FBI document, they caught the notice of the FBI, which began tracking the website and the two men through a practice called “threat assessment.” The FBI did not find any wrongdoing or basis to further investigate. Nonetheless, the FBI maintained for many years a record of the postings on this advocacy website and its writers. The First Amendment clearly protects their online journalism and advocacy. Now they are requesting that the FBI expunge their surveillance files.

Two reporters recently identified eight AT&T locations in the United States—towering, multi-story buildings—where NSA surveillance occurs on the backbone of the Internet. Their article showed how the agency taps into cables, routers, and switches that handle vast quantities of Internet traffic around the world. Published by The Intercept, the report shines a light on the NSA’s expansive Internet surveillance network housed inside these sometimes-opaque buildings.

EFF has been shining its own light on NSA Internet surveillance for years with our landmark case, Jewel v. NSA. In more than 10 years of litigation, we’ve made significant strides. Despite the government’s years-long stonewalling, EFF is committed to continuing its fight against the NSA’s mass, warrantless surveillance. Multiple newspapers and publications, like The Intercept, are equally committed, too. We thank them for investigating and writing stories that confirm what we’ve said in our Jewel suit, and for continuing to expose the enormous breadth of NSA surveillance to the public.

When patent trolls threaten and sue small businesses, their actions draw the public's attention to the worst abuses of the patent system. Upaid Ltd., a shell company based in the British Virgin Islands, has been filing patent infringement lawsuits throughout 2018, including 14 against laundromats—yes, laundromats—from California to Massachusetts.

Upaid says that laundromats are infringing U.S. Patent No. 8,976,947. Claim 1 of the patent describes a computer system that performs “pre-authorized communication services and transactions,” after checking an account to see if a user “has a sufficient amount currently available for the … transaction.” It’s essentially a patent on having a prepaid account for—well, anything.
Announcements

Crypto 2018: Global Overview of Developments in Encryption and Surveillance Policy and Law

For folks attending Crypto 2018, the 38th International Cryptology Conference, don't miss this internationally-focused panel on surveillance and encryption. Organized by the International Association for Cryptologic Research (IACR), EFF Executive Director Cindy Cohn will examine recent international and U.S. governmental efforts to control encryption and limit user security.

We have just days until the European Parliament debates and votes on the new Copyright Directive, with its dangerous censorship machine and link tax measures.

Under the censorship machine proposal, Article 13, websites with user-generated content would have to automatically filter out anything that rightsholders designate – giving rise to the wrongful blocking, false assertions of copyright, and disregard for free speech that we’ve seen with censorship machines elsewhere.

The link tax, Article 11, would stop you from linking to news articles on sites that generate previews unless you're on a site that's negotiated a license with the publisher you're linking to. The proposal aims to shrink protections for quotation that help readers decide whether to visit the linked site.

Together, these extreme, unworkable proposals represent a grave danger to the Internet, and they won't just affect Europeans.

If you’re in the EU, get in touch with your MEP by visiting Save Your Internet, and help us stop Article 11 and Article 13 from wrecking the Internet for everyone.

Everyone else: Share this with your European friends and family and let them know that this is a red alert. We have just days until the vote.

Together, we stopped the MEPs from fast-tracking the link tax and censorship machine proposals over the summer. Now, it's time to convince them to reject these measures entirely.

The California legislature scored a huge win in the fight for open access to scientific research. Now it’s up to Governor Jerry Brown to sign it. Under A.B. 2192—which passed both houses unanimously—all peer-reviewed, scientific research funded by the state of California would be made available to the public no later than one year after publication. There’s a similar law on the books in California right now, but it only applies to research funded by the Department of Public Health, and it’s set to expire in 2020. A.B. 2192 would extend it indefinitely and expand it to cover research funded by any state agency.

While we’re delighted to see A.B. 2192 pass, it’s only one step in the right direction. Science moves quickly, and a one-year embargo period is simply too long. Lawmakers should work to ensure that more grantees publish their papers in open access journals, available free of cost to the public on the date of publication. Lawmakers in California and elsewhere should also consider requiring open licenses in future laws. Requiring that grantees publish research under a license that allows others to republish, remix, and add value ensures that the public can get the maximum benefit of state-funded science. Finally, it’s time for Congress to pass a federal open access bill.

Reuters reported that Facebook is being asked to “break the encryption” in its Messenger application to assist the Justice Department in wiretapping a suspect's voice calls, and that Facebook is refusing to cooperate. The report alarmed us in light of the government’s ongoing calls for backdoors to encrypted communications, but on reflection we think it’s unlikely that Facebook is being ordered to break encryption in Messenger and that the reality is more complicated.

Eight years after Google initially took a stand against Internet censorship by exiting the Chinese search market, we are disappointed to learn the company has been secretly re-considering an extended collaboration with the massive censorship and surveillance-wielding state.

The public, Google’s users, and Google’s employees have been kept increasingly in the dark about compromises on the company’s own values that could massively affect the lives of not only citizens within China or the U.S., but also Internet users around the world. Google has already committed to processes that consider human rights when entering new markets in the Global Network Initiative. Is it following them here?

Google is trying to patent the use of a known data compression algorithm - called asymmetric numeral systems (ANS) – for video compression. In one sense, this patent application is fairly typical. The system seems designed to encourage tech giants to flood the Patent Office with applications for every little thing they do. Google’s application stands out, however, because the real inventor of ANS did everything he could to dedicate his work to the public domain.

The Patent Office issued a non-final rejection of all claims in Google’s application. Even if Google could overcome the examiner’s rejection, that would only reflect the failings of a patent system that hands out patents for tiny variations on existing methods. It is time for Google to abandon its attempt to patent the use of ANS for video compression.

“ISPs are happy to use words like ‘unlimited’ and ‘no throttling’ in their public statements, but then give themselves the right to throttle certain traffic by burying some esoteric language in the fine print," says EFF’s Jeremy Gillula (Bloomberg)

The Senate Commerce Committee is getting ready to host a much-anticipated hearing on consumer privacy—and consumer privacy groups don’t get a seat at the table. Instead, the committee is seeking only the testimony of big tech and Internet access corporations: Amazon, Apple, AT&T, Charter Communications, Google, and Twitter. Some of these companies have spent heavily to oppose consumer privacy legislation and have never supported consumer privacy laws. They know policymakers are considering new privacy protections, and are likely to view this hearing as a chance to encourage Congress to adopt the weakest privacy protections possible—and eviscerate stronger state protections at the same time.

Given this track record, Internet users should wonder whether the upcoming Senate Commerce hearing is just a prelude to yet another privacy rollback. If so, policymakers can expect to hear the voices they excluded loud and clear in opposition. Since we can’t be there to say this ourselves, we’ll say it here: EFF will oppose any federal legislation that weakens today’s hard-fought privacy protections or destroys the states’ ability to protect their citizens’ personal information. EFF has had a long and continuous battle with some of the testifying companies, such as Google and AT&T, regarding your right to data privacy, and we’re not going to give up now.

Despite waves of calls and emails from European Internet users, the European Parliament voted to accept the principle of a universal pre-emptive copyright filter for content-sharing sites (Article 13), as well as the idea that news publishers should have the right to sue others for quoting news items online – or even using their titles as links to articles (Article 11). Out of all of the potential amendments offered that would fix or ameliorate the damage caused by these proposals, they voted for the worst on offer.

There are still opportunities, at the EU level, at the national level, and ultimately in Europe’s courts, to limit the damage. But make no mistake, this is a serious setback for the Internet and digital rights in Europe.

It’s not enough to hope that these laws will lose momentum or fall apart from their own internal incoherence, or that those who don’t understand the Internet will refrain from breaking it. Keep reading and supporting EFF, and join Europe’s powerful partnership of digital rights groups, from Brussels-based EDRi to your local national digital rights organization. Speak up for your digital business, open source project, for your hobby or fandom, and as a contributor to the global Internet commons.

If you’ve ever considered stepping up to play a bigger role in European politics or activism, whether at the national level, or in Brussels, now would be the time.

When government agencies hide their activities from the public, private drones can be a crucial tool for transparency and journalism. But now, some members of Congress want to give the Department of Justice and Department of Homeland Security—including Immigration and Customs Enforcement (ICE)—the power to intercept and destroy private drones they consider a “threat,” with no safeguards ensuring that that power isn’t abused.

The Department of Homeland Security routinely denies reporters access to detention centers. On the rare occasions DHS does allow entry, the visitors are not permitted to take photos or record video. Without other ways to report on these activities, drones have provided crucial documentation of the facilities being constructed to hold children.

We can’t hand the right to take over or shoot down private drones to the DHS and DOJ, offices that are already notorious for their hostility to public oversight. To make it worse, Congress is granting DHS and DOJ broad drone-destroying powers as part of a routine Federal Aviation Administration (FAA) reauthorization bill, with no chance for meaningful debate on how best to limit the government’s authority to intercept or destroy drones.

We have until Wednesday to tell the House of Representatives not to give the Department of Justice and Department of Homeland Security the power to intercept and destroy private drones they consider a “threat,” including those being used to document ICE facilities.

Facebook has a problem: an infestation of undercover cops. Despite the social platform’s explicit rules that the use of fake profiles by anyone—police included—is a violation of terms of service, the issue proliferates. While the scope is difficult to measure, EFF has identified scores of agencies that maintain policies that explicitly flout these rules.

This summer, the criminal justice news outlet The Appeal reported on a civil rights lawsuit filed by the ACLU of Tennessee against the Memphis Police Department. The lawsuit uncovered evidence that the police used what they referred to as a “Bob Smith” account to befriend and gather intelligence on activists.

Following the report, EFF contacted Facebook, which deactivated that account. Facebook has since identified and deactivated six other fake accounts managed by Memphis police that were previously unknown.

Hopefully this issue is about to change, with a new warning Facebook has sent to the Memphis Police Department. The company has also updated its law enforcement guidelines to highlight the prohibition on fake accounts.

For all intents and purposes, the fate of net neutrality this year sits completely within the hands of a majority of members of the House of Representatives. For one thing, the Senate has already voted to reverse the FCC. For another, 218 members of the House can agree to sign a discharge petition and force a vote to the floor, and nothing could stop it procedurally. This represents the last, best chance for a 2018 end to the FCC’s misguided journey into abandoning consumer protection authority over ISPs such as Comcast and AT&T.

But we need you to take the time to contact your elected officials and make your voice heard: Tell Congress to sign the discharge petition and support net neutrality.

The market for commercial spyware is lucrative and expanding. Our friends at Citizen Lab just released a new report tracking NSO Group’s “Pegasus” spyware to operations in 45 countries, many with track records of human rights abuses. (Citizen Lab)

Writing in the LA Times, Michael Hiltzik notes that while “Gov. Brown hasn’t yet tipped whether he’ll sign” SB 822 to ensure net neutrality in California, FCC Chair Ajit Pai “challenged him to do so. Brown should take him up on the challenge.” (LA Times)

We’re pleased to announce that the Library of Congress and the Copyright Office have expanded the exemptions to Section 1201 of the DMCA, which makes it illegal to “circumvent” digital locks that control access to copyrighted works, and to make and sell devices that break digital locks.

This year, EFF proposed expansions of some of the existing exemptions for video creators, repair, and jailbreaking. With this rulemaking, there will be more circumstances where people can legally break digital access controls to do legal things with their own media and devices:

People who repair digital devices, including vehicles and home appliances, will have more protection from legal threats.

Filmmakers, students, and ebook creators will be able to use video clips more freely.

People can now jailbreak and modify voice assistant devices like the Amazon Echo and Google Home, as they can with smartphones and tablets.

Security researchers will have more freedom to investigate and correct flaws on a wider range of devices.

But the exemptions are still too narrow and too complex for most technology users, and they don’t save the law from being an unconstitutional restraint on freedom of speech. EFF represents entrepreneur Andrew “bunnie” Huang and Professor Matthew Green in a lawsuit seeking to overturn Section 1201. Having finished this year’s rulemaking, we look forward to continuing that case.

Your strong support helped us persuade California’s lawmakers to do the right thing on many important technology bills debated on the chamber floors this year. Here are just a few of the many successes we achieved.

Our biggest win of the year, the quest to pass California’s net neutrality law and set a gold standard for the whole country, was hard-fought. S.B. 822 not only prevents Internet service providers from blocking or interfering with traffic, but also from prioritizing their own services in ways that discriminate.

Cameras worn by police officers are increasingly common. Some police departments have withheld recordings of high-profile police use of force against civilians, even when communities demand release. The public now has the right to access those recordings. A.B. 748 goes into effect July 1, 2019.

With your support, we persuaded lawmakers to recognize how important it is for some of California’s most vulnerable young people—those involved in the child welfare and juvenile justice systems—to be able to access the Internet, as a way to further their education. A.B. 2448 guarantees that access.

A.B. 2192 was a huge victory for open access to knowledge in the state of California. It gives everyone access to research that’s been funded by the government within a year of its publication date.

For 20 years, McSweeney’s has been the first name (or last name, actually) in emerging short fiction. But this November, McSweeney’s will debut the first all-non-fiction issue of Timothy McSweeney’s Quarterly Concern. “The End of Trust” (Issue 54) is a collection of essays and interviews focusing on issues related to technology and privacy compiled with the help of the Electronic Frontier Foundation. The collection features writing by EFF’s team, including Executive Director Cindy Cohn, Education and Design Lead Soraya Okuda, Special Advisor Cory Doctorow, board member Bruce Schneier, and Investigative Researcher Dave Maass, exploring issues related to surveillance, freedom of information, and encryption.

We also recruited some of our favorite thinkers on digital rights to contribute to the collection: anthropologist Gabriella Coleman contemplates anonymity; Edward Snowden explains blockchain; journalist Julia Angwin and Pioneer Award-winning artist Trevor Paglen discuss the intersections of their work; Pioneer Award winner Malkia Cyril discusses the historical surveillance of black bodies; and Ken Montenegro and Hamid Khan of Stop LAPD Spying debate author and intelligence contractor Myke Cole on the question of whether there’s a way law enforcement can use surveillance responsibly.

We’ve read and reviewed every piece, and without spoiling anything, we can say that it’s smart, thought-provoking, entertaining, and altogether freakin’ awesome.

Facebook has been using contact information that users explicitly provided for security purposes—or that users never provided at all—for targeted advertising. A group of academic researchers from Northeastern University and Princeton University, along with Gizmodo reporters, found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers and “shadow” contact information. As Facebook attempts to salvage its reputation among users in the wake of the Cambridge Analytica scandal, it needs to put its money where its mouth is. Wiping 2FA numbers and “shadow” contact data from non-essential use would be a good start.

All across the country right now, major wireless Internet Service Providers (ISPs) are talking to legislators, mayors, regulators, and the press about the potential of 5G wireless services as if they will cure all of the problems Americans face right now in the high-speed access market. But the cold hard reality is the newest advancements in wireless services will probably do very little about the high-speed monopolies that a majority of this country faces. According to a ground-breaking study by the Institute for Local Self-Reliance, more than 68 million Americans face high-speed cable monopolies today.

A coalition of civil rights and public interest groups recently issued policies they believe Internet intermediaries should adopt to try to address hate online. There’s a lot to like about these proposals; indeed, they reflect some of the principles EFF and others have supported for years—notably the opportunity for users to appeal content moderation decisions, and expanded transparency from corporate platforms, and we look forward to working together to push them forward. But there’s much to worry about too.

We have sued the San Bernardino County Sheriff’s Department to gain access to records about search warrants where cell-site simulators—devices that allow police to locate and track people by tricking their cell phones into a connection—were authorized in criminal investigations. EFF determined that the county has used cell-site simulators 231 times in the last year and filed a request under the California Public Records Act in August to obtain search warrant information for six specific searches that were made public by the DOJ. The request contained detailed information about each warrant, such as the nature of the warrants, the precise start and end dates of the warrants, and verbatim quotes about the grounds for each warrant.

Yet San Bernardino denied the EFF request, claiming it was "vague, overly broad," and didn’t describe an "identifiable record." Our lawsuit aims to shine a light on police use of cell-site simulators.

Reproduction of this publication in electronic media is encouraged.
MiniLinks may not represent the views of EFF.
This newsletter is printed from 100% recycled electrons.